
SIP Fraud IP Blacklist

Hi,

In case anyone is interested… I have started compiling a blacklist of hosts and networks from which SIP fraud attempts occur. My criteria currently are:

To block an IP:
– Minimum 3 attacks within one week from the same IP

To block a network:
– Attacks from minimum 3 IPs from that network within 2 weeks

Common criteria:
– Provider does not react to complaints OR
– Provider sends autoreply but attacks don’t stop within a week

Definition of attack:
– Minimum 5 attempts to make an unauthorized phone call to a non-PBX-internal number OR
– Minimum 10 attempts to make an unauthorized phone call to a PBX-internal number OR
– Minimum 10 failed authentication attempts

If this happens, the IP gets auto-banned (iptables) for 24 hours and goes to my watch list. The watch list is the base for my further decisions.

Currently, I don’t remove IPs or networks from the list. If I have time and/or motivation I might create some kind of removal process later – also, depending on how big the list gets and how many people use it.

The list is still pretty short but for me, it has reduced the noise on my PBX from 20-30 attacks per day to about 2 or 3 per week, especially after most of the Palestinian networks ended up on the list.

You’re free to use the list – at your own responsibility and risk. It’s in the ipdeny.com format, so a simple script can be used to CURL the list and create iptables rules from it. A sample script for something like that is also on my website (check the Linux section).

That’s the website for the list:
http://stefan.gofferje.net/it-stuff/sipfraud/sip-attacker-blacklist

And that’s the download URL:
http://stefan.gofferje.net/sipblocklist.zone

Note that the list is updated every 6h so polling it more often doesn’t help anything. Please limit polling to once a day or so.

-S
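The thresholds from the post above, applied to a constructed event log; this is an added example, not the poster's own script. It assumes attempts are counted per IP until the 24-hour ban fires, that a "network" is a /24, and it leaves the provider-complaint criteria to a human:

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network
# Attempt thresholds from the post's "Definition of attack".
THRESHOLDS = {"external_call": 5, "internal_call": 10, "auth_fail": 10}

def find_attacks(events):
    """events: time-ordered (timestamp, ip, kind) tuples -> [(timestamp, ip)] per attack."""
    counts, attacks = defaultdict(lambda: defaultdict(int)), []
    for ts, ip, kind in events:
        counts[ip][kind] += 1
        if counts[ip][kind] >= THRESHOLDS[kind]:
            attacks.append((ts, ip))
            del counts[ip]  # assumption: counting restarts once the 24 h ban fires
    return attacks

def ip_candidates(attacks, min_attacks=3, window=timedelta(weeks=1)):
    """IPs with at least min_attacks attacks inside one window."""
    by_ip = defaultdict(list)
    for ts, ip in sorted(attacks):
        by_ip[ip].append(ts)
    return {ip for ip, t in by_ip.items()
            for i in range(len(t) - min_attacks + 1)
            if t[i + min_attacks - 1] - t[i] <= window}

def network_candidates(attacks, min_ips=3, window=timedelta(weeks=2), prefix=24):
    """Networks (assumed /24) with attacks from min_ips distinct IPs inside one window."""
    by_net = defaultdict(list)
    for ts, ip in attacks:
        by_net[ip_network(f"{ip}/{prefix}", strict=False)].append((ts, ip))
    hits = set()
    for net, items in by_net.items():
        for start, _ in items:
            if len({ip for ts, ip in items if start <= ts <= start + window}) >= min_ips:
                hits.add(str(net))
    return hits

def sample_events():
    """Constructed sample data using documentation address ranges."""
    t0 = datetime(2013, 6, 1)
    bursts = [("198.51.100.7", "auth_fail", 10, d) for d in (0, 2, 5)]
    bursts += [(f"203.0.113.{h}", "external_call", 5, d) for h, d in ((10, 0), (11, 3), (12, 10))]
    bursts.append(("192.0.2.5", "external_call", 4, 1))  # below threshold: no attack
    return sorted((t0 + timedelta(days=d, seconds=i), ip, kind)
                  for ip, kind, n, d in bursts for i in range(n))

if __name__ == "__main__":
    attacks = find_attacks(sample_events())
    print(ip_candidates(attacks), network_candidates(attacks))
```

The three hosts in 203.0.113.0/24 each attack only once, so none qualifies as a single-IP entry, but together they meet the network criterion.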

Fraud Detection

Hello everyone. I am concerned about the security of the PBX and I would like to discuss different fraud detection methods. Apart from doing everything to secure the PBX (latest patches, iptables, firewalls, no outside users, strong passwords, …), I would like to find out if there are any fraud detection techniques. As for my setup, I have a PBX running Asterisk 11.4 and it has 3 SIP trunks (over the Internet)

Failed To Authenticate User 1000; Tag=03f82bb9

Hi,

I get a lot of these messages on my Asterisk CLI:

“Failed to authenticate user 1000;tag=03f82bb9”

as if my PBX machine is trying to authenticate to itself. It seems someone is attacking my Asterisk PBX.

Is there a way to fix this problem?

Thank you.

Giorgio Incantalupo

Converting From FXO To SIP?

I have a customer who has an analog PBX that is able to be put in “away mode” such that when an inbound call comes in, it rings their cordless phone. This lets them leave the desk without risking missing a call.

However, we’d like to find a black box that would act like the cordless phone as far as the PBX was concerned, but instead of ringing a handset, we want it to dial an extension on our SIP network. This will allow us to handle the call much more flexibly than their PBX can.

I was thinking that a TA with an FXO port might do the trick. But, I’m not sure how to get the device to redirect an incoming call on the FXO port to a SIP destination. Is this something that gets done in the device’s dialplan?

Does anyone have any insight into how to do this?

TIA,

Mike Diehl

Questions About Chan_dahdi, PRI, MWI (and Q.SIG)

Hello everyone,

My setup:
Debian squeeze
Asterisk 1.8, DAHDI, libpri, compiled from source
TE110P, attached to a Deutsche Telekom Octopus E Modell 300/800

I’m trying to get MWI for Voicemail working. In the same server I have also got an Eicon DIVA PRI card for testing purposes (it is integrated via CAPI and the chan-capi channel driver into my Asterisk). MWI works just fine there.

I read through chan_dahdi.conf and have some questions:

1. The documentation of mwi_mailboxes says: “You can give a comma separated list of up to 8 mailboxes per span.”

Is this constraint really existing? How am I supposed to use the MWI feature in even a semi-professional environment? My PBX is used in a non-commercial project, but I have connected about 50 phones to my PBX, though, and it is interconnected with two further PBXs which would also need voicemail with MWI…

2. How can I set the MWI origin number?

3. Are there any debug possibilities for MWI?

Thanks in advance,

Jens

Moving Calls From One E1 To Another

Hello everyone. I want to migrate an old PBX which uses the E1-PRI from one Telecom to VoIP by transparently moving the numbers one by one. I mean that the numbers that the PBX handles must be transparently moved from one operator to another. The old connection to the PBX is E1-PRI and we must preserve that because no one knows how to configure this PBX. So my idea is to connect a PC with a 2-port E1 module between the PBX and the old telecom. One port of the module will be connected to the telecom’s wire and the other port will be connected to the PBX. This PC will be powered with Asterisk of course so it will be able to connect by SIP trunk to the alternative VoIP telecom. So my question is: will I be able to transfer the calls from one E1 port to the other? Would I be able to specify a different clock source for both ports?

Thanks in advance. Dimitar